Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ec1684dc17f4518c984b32b42433db09eb8a9d3d38040ce1467f3d7d6d25606d
-
Size
439KB
-
Sample
240901-eaks8s1djb
-
MD5
252cee8587edbb53c77d90e5c4295c60
-
SHA1
bdb25d867097a94a703a20195fbd9682cf4c0d51
-
SHA256
ec1684dc17f4518c984b32b42433db09eb8a9d3d38040ce1467f3d7d6d25606d
-
SHA512
012385591620e0d96815e840d039d6cdb7ac0235ed729d9e8e6fa605b3a2a40bc0f2d8bde4ef4dd53cccc62db28c78930346e26ab98b204e8deed28c789efd2f
-
SSDEEP
12288:Cun15GNq4sWAcfFBmsPTfABCw44dAxn+eG+6v6290cPwaJ:N2NqF46sjdwI4eGHw4
Static task
static1
Behavioral task
behavioral1
Sample
39962cdef1efccb262b01e3bc41e4380ed1f925885f1a22178e505f5c440887a.exe
Resource
win7-20240704-en
Malware Config
Extracted
xworm
5.0
91.92.120.13:7099
ZCamGCh7lBqmpyCR
-
install_file
USB.exe
Targets
-
-
Target
39962cdef1efccb262b01e3bc41e4380ed1f925885f1a22178e505f5c440887a.exe
-
Size
501KB
-
MD5
6b34408cb796d4e16a6caa577ebce6b9
-
SHA1
f011ab355ac5a00204c033f3ac73848f6ce4c0ee
-
SHA256
39962cdef1efccb262b01e3bc41e4380ed1f925885f1a22178e505f5c440887a
-
SHA512
344defa68966df547a0504ee221a2037f737d469e0c496009209f9334589f0f73ac69226bb74ea60eb116332ccaefa0d5c1f8972a5b9d34628d9bfcc4147ea84
-
SSDEEP
12288:E2iNErX80k+laBnUISbE0u9QgYZoXONvIGc2:E1ij8v+MKjbE0ul+Nx
-
Detect Xworm Payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-